Update Drupal 7 dependencies

2025-09-04 08:28:55 +00:00 · 2025-06-03 10:37:00 -06:00 · 2025-06-03 10:37:00 -06:00 · 13df912654
commit 13df912654
parent 7d902ba1ef
391 changed files with 2900 additions and 1502 deletions
--- a/drupal7/web/.gitlab-ci.yml
+++ b/drupal7/web/.gitlab-ci.yml
@ -10,23 +10,35 @@
 ################

 ################
-# Includes
+# Workflow
 #
-# Additional configuration can be provided through includes.
-# One advantage of include files is that if they are updated upstream, the
-# changes affect all pipelines using that include.
+# Define conditions for when the pipeline will run.
+#   For example:
+#     * On commit
+#     * On merge request
+#     * On manual trigger
+#     * etc.
+# https://docs.gitlab.com/ee/ci/jobs/job_control.html#specify-when-jobs-run-with-rules
 #
-# Includes can be overriden by re-declaring anything provided in an include,
-# here in gitlab-ci.yml
-# https://docs.gitlab.com/ee/ci/yaml/includes.html#override-included-configuration-values
+# Pipelines can also be configured to run on a schedule,though they still must meet the conditions defined in Workflow and Rules. This can be used, for example, to do nightly regression testing:
+# https://gitlab.com/help/ci/pipelines/schedules
 ################

-include:
-  - project: $_GITLAB_TEMPLATES_REPO
-    ref: $_GITLAB_TEMPLATES_REF
-    file:
-      - '/includes/include.drupalci.variables.yml'
-      - '/includes/include.drupalci.workflows.yml'
+workflow:
+  rules:
+  # These 3 rules from https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Workflows/MergeRequest-Pipelines.gitlab-ci.yml
+    # Run on merge requests
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+    # Run when called from an upstream pipeline https://docs.gitlab.com/ee/ci/pipelines/downstream_pipelines.html?tab=Multi-project+pipeline#use-rules-to-control-downstream-pipeline-jobs
+    - if: $CI_PIPELINE_SOURCE == 'pipeline'
+    # Run on commits.
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_ROOT_NAMESPACE == "project"
+    # The last rule above blocks manual and scheduled pipelines on non-default branch. The rule below allows them:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_PROJECT_ROOT_NAMESPACE == "project"
+    # Run if triggered from Web using 'Run Pipelines'
+    - if: $CI_PIPELINE_SOURCE == "web"
+     # Run if triggered from WebIDE
+    - if: $CI_PIPELINE_SOURCE == "webide"

 ################
 # Variables
@ -42,9 +54,11 @@ include:
 ################

 variables:
+  _CONFIG_DOCKERHUB_ROOT: "drupalci"
  _TARGET_PHP: "8.1"
  CONCURRENCY: 15
  GIT_DEPTH: "3"
+  COMPOSER_ALLOW_SUPERUSER: 1

 ################
 # Stages
--- a/drupal7/web/.htaccess
+++ b/drupal7/web/.htaccess
@ -149,6 +149,13 @@ DirectoryIndex index.php index.html index.htm

 # Various header fixes.
 <IfModule mod_headers.c>
+  # Disable content sniffing for all responses, since it's an attack vector.
+  # This header is also set in drupal_deliver_html_page(), which depending on
+  # Apache configuration might get placed in the 'onsuccess' table. To prevent
+  # header duplication, unset that one prior to setting in the 'always' table.
+  # See "To circumvent this limitation..." in
+  # https://httpd.apache.org/docs/current/mod/mod_headers.html.
+  Header onsuccess unset X-Content-Type-Options
  # Disable content sniffing, since it's an attack vector.
  Header always set X-Content-Type-Options nosniff
  # Disable Proxy header, since it's an attack vector.
--- a/drupal7/web/CHANGELOG.txt
+++ b/drupal7/web/CHANGELOG.txt
@ -1,3 +1,18 @@
+Drupal 7.103, 2024-12-04
+------------------------
+- So Long, and Thanks for All the Fish
+
+Drupal 7.102, 2024-11-20
+------------------------
+- Fixed security issues:
+   - SA-CORE-2024-005
+   - SA-CORE-2024-008
+
+Drupal 7.101, 2024-06-05
+------------------------
+- Various security improvements
+- Various bug fixes, optimizations and improvements
+
 Drupal 7.100, 2024-03-06
 ------------------------
 - Security improvements
--- a/drupal7/web/includes/ajax.inc
+++ b/drupal7/web/includes/ajax.inc
@ -323,7 +323,7 @@ function ajax_render($commands = array()) {
 function ajax_get_form() {
  $form_state = form_state_defaults();

-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = (isset($_POST['form_build_id']) ? $_POST['form_build_id'] : '');

  // Get the form from the cache.
  $form = form_get_cache($form_build_id, $form_state);
--- a/drupal7/web/includes/bootstrap.inc
+++ b/drupal7/web/includes/bootstrap.inc
@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.100');
+define('VERSION', '7.103');

 /**
 * Core API compatibility.
@ -729,8 +729,8 @@ function drupal_environment_initialize() {
 /**
 * Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
 *
- * @return
- *  TRUE if only containing valid characters, or FALSE otherwise.
+ * @return bool
+ *   TRUE if it only contains valid characters, FALSE otherwise.
 */
 function drupal_valid_http_host($host) {
  // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
@ -807,8 +807,8 @@ function drupal_settings_initialize() {
    // Otherwise use $base_url as session name, without the protocol
    // to use the same session identifiers across HTTP and HTTPS.
    list( , $session_name) = explode('://', $base_url, 2);
-    // HTTP_HOST can be modified by a visitor, but we already sanitized it
-    // in drupal_settings_initialize().
+    // HTTP_HOST can be modified by a visitor, but we already sanitized it in
+    // drupal_environment_initialize().
    if (!empty($_SERVER['HTTP_HOST'])) {
      $cookie_domain = _drupal_get_cookie_domain($_SERVER['HTTP_HOST']);
    }
@ -2285,7 +2285,8 @@ function drupal_block_denied($ip) {
 *   The number of random bytes to fetch and base64 encode.
 *
 * @return string
- *   The base64 encoded result will have a length of up to 4 * $byte_count.
+ *   A base-64 encoded string, with + replaced with -, / with _ and any =
+ *   padding characters removed.
 */
 function drupal_random_key($byte_count = 32) {
  return drupal_base64_encode(drupal_random_bytes($byte_count));
@ -2718,6 +2719,18 @@ function _drupal_bootstrap_configuration() {
  // Initialize the configuration, including variables from settings.php.
  drupal_settings_initialize();

+  // Check trusted HTTP Host headers to protect against header attacks.
+  if (PHP_SAPI !== 'cli') {
+    $host_patterns = variable_get('trusted_host_patterns', array());
+    if (!empty($host_patterns)) {
+      if (!drupal_check_trusted_hosts($_SERVER['HTTP_HOST'], $host_patterns)) {
+        header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
+        print 'The provided host name is not valid for this server.';
+        exit;
+      }
+    }
+  }
+
  // Sanitize unsafe keys from the request.
  DrupalRequestSanitizer::sanitize();
 }
@ -3947,6 +3960,36 @@ function drupal_clear_opcode_cache($filepath) {
  }
 }

+/**
+ * Checks trusted HTTP Host headers to protect against header injection attacks.
+ *
+ * @param string|null $host
+ *   The host name.
+ * @param array $host_patterns
+ *   The array of trusted host patterns.
+ *
+ * @return bool
+ *   TRUE if the host is trusted, FALSE otherwise.
+ */
+function drupal_check_trusted_hosts($host, array $host_patterns) {
+  if (!empty($host) && !empty($host_patterns)) {
+    // Trim and remove the port number from host; host is lowercase as per
+    // RFC 952/2181.
+    $host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
+
+    foreach ($host_patterns as $pattern) {
+      $pattern = sprintf('{%s}i', $pattern);
+      if (preg_match($pattern, $host)) {
+        return TRUE;
+      }
+    }
+
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
 /**
 * Drupal's wrapper around PHP's setcookie() function.
 *
--- a/drupal7/web/includes/common.inc
+++ b/drupal7/web/includes/common.inc
@ -2967,7 +2967,11 @@ function drupal_set_time_limit($time_limit) {
 *   The path to the requested item or an empty string if the item is not found.
 */
 function drupal_get_path($type, $name) {
-  return dirname(drupal_get_filename($type, $name));
+  if ($filename = drupal_get_filename($type, $name)) {
+    return dirname($filename);
+  }
+
+  return "";
 }

 /**
@ -5544,8 +5548,27 @@ function drupal_cron_run() {
      DrupalQueue::get($queue_name)->createQueue();
    }

+    $module_previous = '';
+
+    // If detailed logging isn't enabled, don't log individual execution times.
+    $time_logging_enabled = variable_get('cron_detailed_logging', DRUPAL_CRON_DETAILED_LOGGING);
+
    // Iterate through the modules calling their cron handlers (if any):
    foreach (module_implements('cron') as $module) {
+      if ($time_logging_enabled) {
+        if (!$module_previous) {
+          watchdog('cron', 'Starting execution of @module_cron().', array('@module' => $module));
+        }
+        else {
+          watchdog('cron', 'Starting execution of @module_cron(), execution of @module_previous_cron() took @time.', array(
+            '@module' => $module,
+            '@module_previous' => $module_previous,
+            '@time' => timer_read('cron_' . $module_previous) . 'ms',
+          ));
+        }
+        timer_start('cron_' . $module);
+      }
+
      // Do not let an exception thrown by one module disturb another.
      try {
        module_invoke($module, 'cron');
@ -5553,6 +5576,20 @@ function drupal_cron_run() {
      catch (Exception $e) {
        watchdog_exception('cron', $e);
      }
+
+      if ($time_logging_enabled) {
+        timer_stop('cron_' . $module);
+        $module_previous = $module;
+      }
+    }
+
+    if ($time_logging_enabled) {
+      if ($module_previous) {
+        watchdog('cron', 'Execution of @module_previous_cron() took @time.', array(
+          '@module_previous' => $module_previous,
+          '@time' => timer_read('cron_' . $module_previous) . 'ms',
+        ));
+      }
    }

    // Record cron time.
@ -8212,7 +8249,10 @@ function entity_get_controller($entity_type) {
  $controllers = &drupal_static(__FUNCTION__, array());
  if (!isset($controllers[$entity_type])) {
    $type_info = entity_get_info($entity_type);
-    $class = $type_info['controller class'];
+    // Explicitly fail for malformed entities missing a valid controller class.
+    if (!isset($type_info['controller class']) || !class_exists($class = $type_info['controller class'])) {
+      throw new EntityMalformedException(t('Missing or non-existent controller class on entity of type @entity_type.', array('@entity_type' => $entity_type)));
+    }
    $controllers[$entity_type] = new $class($entity_type);
  }
  return $controllers[$entity_type];
--- a/drupal7/web/includes/database/mysql/query.inc
+++ b/drupal7/web/includes/database/mysql/query.inc
@ -63,6 +63,14 @@ class InsertQuery_mysql extends InsertQuery {

    $max_placeholder = 0;
    $values = array();
+    if (!is_array($this->insertValues)) {
+      if (version_compare(PHP_VERSION, '7.4', '>=')) {
+        throw new UnexpectedValueException();
+      }
+      else {
+        drupal_trigger_fatal_error('Unexpected Value');
+      }
+    }
    if (count($this->insertValues)) {
      foreach ($this->insertValues as $insert_values) {
        $placeholders = array();
@ -96,6 +104,14 @@ class TruncateQuery_mysql extends TruncateQuery { }
 class UpdateQuery_mysql extends UpdateQuery {
  public function __toString() {
    if (method_exists($this->connection, 'escapeField')) {
+      if (!is_array($this->fields)) {
+        if (version_compare(PHP_VERSION, '7.4', '>=')) {
+          throw new UnexpectedValueException();
+        }
+        else {
+          drupal_trigger_fatal_error('Unexpected Value');
+        }
+      }
      $escapedFields = array();
      foreach ($this->fields as $field => $data) {
        $field = $this->connection->escapeField($field);
--- a/drupal7/web/includes/database/pgsql/query.inc
+++ b/drupal7/web/includes/database/pgsql/query.inc
@ -120,7 +120,15 @@ class InsertQuery_pgsql extends InsertQuery {

    $max_placeholder = 0;
    $values = array();
-      if (count($this->insertValues)) {
+    if (!is_array($this->insertValues)) {
+      if (version_compare(PHP_VERSION, '7.4', '>=')) {
+        throw new UnexpectedValueException();
+      }
+      else {
+        drupal_trigger_fatal_error('Unexpected Value');
+      }
+    }
+    if (count($this->insertValues)) {
      foreach ($this->insertValues as $insert_values) {
        $placeholders = array();

--- a/drupal7/web/includes/database/prefetch.inc
+++ b/drupal7/web/includes/database/prefetch.inc
@ -293,6 +293,15 @@ class DatabaseStatementPrefetch implements Iterator, DatabaseStatementInterface
            $class_name = $this->fetchOptions['class'];
          }
          if (count($this->fetchOptions['constructor_args'])) {
+            // Verify the current db connection to avoid this code being called
+            // in an inappropriate context.
+            $db_connection_options = Database::getConnection()->getConnectionOptions();
+            $defaults = array('sqlite', 'oracle');
+            $extras = variable_get('database_statement_prefetch_valid_db_drivers', array());
+            $valid_db_drivers = array_merge($defaults, $extras);
+            if (!in_array($db_connection_options['driver'], $valid_db_drivers)) {
+              throw new BadMethodCallException();
+            }
            $reflector = new ReflectionClass($class_name);
            $result = $reflector->newInstanceArgs($this->fetchOptions['constructor_args']);
          }
--- a/drupal7/web/includes/database/query.inc
+++ b/drupal7/web/includes/database/query.inc
@ -1190,6 +1190,15 @@ class UpdateQuery extends Query implements QueryConditionInterface {
   *   The prepared statement.
   */
  public function __toString() {
+    if (!is_array($this->expressionFields) || !is_array($this->fields)) {
+      if (version_compare(PHP_VERSION, '7.4', '>=')) {
+        throw new UnexpectedValueException();
+      }
+      else {
+        drupal_trigger_fatal_error('Unexpected Value');
+      }
+    }
+
    // Create a sanitized comment string to prepend to the query.
    $comments = $this->connection->makeComment($this->comments);

--- a/drupal7/web/includes/database/sqlite/database.inc
+++ b/drupal7/web/includes/database/sqlite/database.inc
@ -134,6 +134,9 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
   */
  public function __destruct() {
    if ($this->tableDropped && !empty($this->attachedDatabases)) {
+      if (!is_array($this->attachedDatabases)) {
+        throw new UnexpectedValueException();
+      }
      foreach ($this->attachedDatabases as $prefix) {
        // Check if the database is now empty, ignore the internal SQLite tables.
        try {
--- a/drupal7/web/includes/errors.inc
+++ b/drupal7/web/includes/errors.inc
@ -216,7 +216,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
    if ($fatal) {
      // When called from CLI, simply output a plain text message.
      print html_entity_decode(strip_tags(t('%type: !message in %function (line %line of %file).', $error))). "\n";
-      exit;
+      exit(1);
    }
  }

@ -224,7 +224,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
    if ($fatal) {
      if (error_displayable($error)) {
        // When called from JavaScript, simply output the error message.
-        print t('%type: !message in %function (line %line of %file).', $error);
+        print t('%type: !message in %function (line %line of %file).', _drupal_strip_error_file_path($error));
      }
      exit;
    }
@ -242,7 +242,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
        $class = 'status';
      }

-      drupal_set_message(t('%type: !message in %function (line %line of %file).', $error), $class);
+      drupal_set_message(t('%type: !message in %function (line %line of %file).', _drupal_strip_error_file_path($error)), $class);
    }

    if ($fatal) {
@ -291,3 +291,28 @@ function _drupal_get_last_caller($backtrace) {
  }
  return $call;
 }
+
+/**
+ * Strip full path information from error details.
+ *
+ * @param $error
+ *   An array with the following keys: %type, !message, %function, %file, %line
+ *   and severity_level.
+ *
+ * @return
+ *   An array with the same keys as the $error param but with full paths
+ *   stripped from the %file element
+ */
+function _drupal_strip_error_file_path($error) {
+  if (!empty($error['%file'])) {
+    if (($drupal_root_position = strpos($error['%file'], DRUPAL_ROOT)) === 0) {
+      $root_length = strlen(DRUPAL_ROOT);
+      $error['%file'] = substr($error['%file'], $root_length + 1);
+    }
+    elseif ($drupal_root_position !== FALSE) {
+      // As a fallback, make sure DRUPAL_ROOT's value is not in the path.
+      $error['%file'] = str_replace(DRUPAL_ROOT, 'DRUPAL_ROOT', $error['%file']);
+    }
+  }
+  return $error;
+}
--- a/drupal7/web/includes/file.inc
+++ b/drupal7/web/includes/file.inc
@ -2082,7 +2082,7 @@ function file_download() {
  $target = implode('/', $args);
  $uri = $scheme . '://' . $target;
  $uri = file_uri_normalize_dot_segments($uri);
-  if (file_stream_wrapper_valid_scheme($scheme) && file_exists($uri)) {
+  if (file_stream_wrapper_valid_scheme($scheme) && is_file($uri)) {
    $headers = file_download_headers($uri);
    if (count($headers)) {
      file_transfer($uri, $headers);
--- a/drupal7/web/includes/mail.inc
+++ b/drupal7/web/includes/mail.inc
@ -624,7 +624,7 @@ function drupal_mail_format_display_name($string) {
 */
 function _drupal_wrap_mail_line(&$line, $key, $values) {
  // Use soft-breaks only for purely quoted or unindented text.
-  $line = wordwrap($line, 77 - $values['length'], $values['soft'] ? " \n" : "\n");
+  $line = wordwrap($line, 77 - $values['length'], $values['soft'] ? "  \n" : "\n");
  // Break really long words at the maximum width allowed.
  $line = wordwrap($line, 996 - $values['length'], $values['soft'] ? " \n" : "\n", TRUE);
 }
--- a/drupal7/web/includes/unicode.inc
+++ b/drupal7/web/includes/unicode.inc
@ -478,6 +478,9 @@ function decode_entities($text) {
 */
 function drupal_strlen($text) {
  global $multibyte;
+  if (is_null($text)) {
+    return 0;
+  }
  if ($multibyte == UNICODE_MULTIBYTE) {
    return mb_strlen($text);
  }
--- a/drupal7/web/includes/updater.inc
+++ b/drupal7/web/includes/updater.inc
@ -245,9 +245,6 @@ class Updater {
      // Make sure the installation parent directory exists and is writable.
      $this->prepareInstallDirectory($filetransfer, $args['install_dir']);

-      // Note: If the project is installed in sites/all, it will not be
-      // deleted. It will be installed in sites/default as that will override
-      // the sites/all reference and not break other sites which are using it.
      if (is_dir($args['install_dir'] . '/' . $this->name)) {
        // Remove the existing installed file.
        $filetransfer->removeDirectory($args['install_dir'] . '/' . $this->name);
--- a/drupal7/web/includes/utility.inc
+++ b/drupal7/web/includes/utility.inc
@ -26,7 +26,7 @@ function drupal_var_export($var, $prefix = '') {
      // Don't export keys if the array is non associative.
      $export_keys = array_values($var) != $var;
      foreach ($var as $key => $value) {
-        $output .= '  ' . ($export_keys ? drupal_var_export($key) . ' => ' : '') . drupal_var_export($value, '  ', FALSE) . ",\n";
+        $output .= '  ' . ($export_keys ? drupal_var_export($key) . ' => ' : '') . drupal_var_export($value, '  ') . ",\n";
      }
      $output .= ')';
    }
@ -35,7 +35,6 @@ function drupal_var_export($var, $prefix = '') {
    $output = $var ? 'TRUE' : 'FALSE';
  }
  elseif (is_string($var)) {
-    $line_safe_var = str_replace("\n", '\n', $var);
    if (strpos($var, "\n") !== FALSE || strpos($var, "'") !== FALSE) {
      // If the string contains a line break or a single quote, use the
      // double quote export mode. Encode backslash and double quotes and
--- a/drupal7/web/modules/aggregator/aggregator.info
+++ b/drupal7/web/modules/aggregator/aggregator.info
@ -7,7 +7,7 @@ files[] = aggregator.test
 configure = admin/config/services/aggregator/settings
 stylesheets[all][] = aggregator.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/aggregator/tests/aggregator_test.info
+++ b/drupal7/web/modules/aggregator/tests/aggregator_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/announcements_feed/announcements_feed.info
+++ b/drupal7/web/modules/announcements_feed/announcements_feed.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = tests/announce_feed_test.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/announcements_feed/tests/announce_feed_test.info
+++ b/drupal7/web/modules/announcements_feed/tests/announce_feed_test.info
@ -4,7 +4,7 @@ package = Testing
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/block/block.info
+++ b/drupal7/web/modules/block/block.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = block.test
 configure = admin/structure/block

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/block/tests/block_test.info
+++ b/drupal7/web/modules/block/tests/block_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/block/tests/themes/block_test_theme/block_test_theme.info
+++ b/drupal7/web/modules/block/tests/themes/block_test_theme/block_test_theme.info
@ -13,7 +13,7 @@ regions[footer] = Footer
 regions[highlighted] = Highlighted
 regions[help] = Help

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/blog/blog.info
+++ b/drupal7/web/modules/blog/blog.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = blog.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/book/book.info
+++ b/drupal7/web/modules/book/book.info
@ -7,7 +7,7 @@ files[] = book.test
 configure = admin/content/book/settings
 stylesheets[all][] = book.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/color/color.info
+++ b/drupal7/web/modules/color/color.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = color.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/comment/comment.info
+++ b/drupal7/web/modules/comment/comment.info
@ -9,7 +9,7 @@ files[] = comment.test
 configure = admin/content/comment
 stylesheets[all][] = comment.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/comment/tests/comment_hook_test.info
+++ b/drupal7/web/modules/comment/tests/comment_hook_test.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/contact/contact.info
+++ b/drupal7/web/modules/contact/contact.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = contact.test
 configure = admin/structure/contact

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/contextual/contextual.info
+++ b/drupal7/web/modules/contextual/contextual.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = contextual.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/dashboard/dashboard.info
+++ b/drupal7/web/modules/dashboard/dashboard.info
@ -7,7 +7,7 @@ files[] = dashboard.test
 dependencies[] = block
 configure = admin/dashboard/customize

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/dblog/dblog.info
+++ b/drupal7/web/modules/dblog/dblog.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = dblog.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/dblog/dblog.test
+++ b/drupal7/web/modules/dblog/dblog.test
@ -128,12 +128,30 @@ class DBLogTestCase extends DrupalWebTestCase {
    $count = db_query('SELECT COUNT(wid) FROM {watchdog}')->fetchField();
    $this->assertTrue($count > $row_limit, format_string('Dblog row count of @count exceeds row limit of @limit', array('@count' => $count, '@limit' => $row_limit)));

+    // Get last ID to compare against; log entries get deleted, so we can't
+    // reliably add the number of newly created log entries to the current count
+    // to measure number of log entries created by cron.
+    $last_id = db_query('SELECT MAX(wid) FROM {watchdog}')->fetchField();
+
    // Run a cron job.
    $this->cronRun();
-    // Verify that the database log row count equals the row limit plus one
-    // because cron adds a record after it runs.
-    $count = db_query('SELECT COUNT(wid) FROM {watchdog}')->fetchField();
-    $this->assertTrue($count == $row_limit + 1, format_string('Dblog row count of @count equals row limit of @limit plus one', array('@count' => $count, '@limit' => $row_limit)));
+
+    // Get last ID after cron was run.
+    $current_id = db_query('SELECT MAX(wid) FROM {watchdog}')->fetchField();
+
+    // Only one final "cron is finished" message should be logged.
+    $this->assertEqual($current_id - $last_id, 1, format_string('Cron added @count of @expected new log entries', array('@count' => $current_id - $last_id, '@expected' => 1)));
+
+    // Test enabling of detailed cron logging.
+    // Get the number of enabled modules. Cron adds a log entry for each module.
+    $module_count = count(module_implements('cron'));
+    variable_set('cron_detailed_logging', 1);
+    $last_id = db_query('SELECT MAX(wid) FROM {watchdog}')->fetchField();
+    $this->cronRun();
+    $current_id = db_query('SELECT MAX(wid) FROM {watchdog}')->fetchField();
+
+    // The number of log entries created.
+    $this->assertEqual($current_id - $last_id, $module_count + 2, format_string('Cron added @count of @expected new log entries', array('@count' => $current_id - $last_id, '@expected' => $module_count + 2)));
  }

  /**
--- a/drupal7/web/modules/field/field.info
+++ b/drupal7/web/modules/field/field.info
@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
 required = TRUE
 stylesheets[all][] = theme/field.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/field_sql_storage/field_sql_storage.info
+++ b/drupal7/web/modules/field/modules/field_sql_storage/field_sql_storage.info
@ -7,7 +7,7 @@ dependencies[] = field
 files[] = field_sql_storage.test
 required = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/list/list.info
+++ b/drupal7/web/modules/field/modules/list/list.info
@ -7,7 +7,7 @@ dependencies[] = field
 dependencies[] = options
 files[] = tests/list.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/list/tests/list_test.info
+++ b/drupal7/web/modules/field/modules/list/tests/list_test.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/number/number.info
+++ b/drupal7/web/modules/field/modules/number/number.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = number.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/options/options.info
+++ b/drupal7/web/modules/field/modules/options/options.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = options.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/text/text.info
+++ b/drupal7/web/modules/field/modules/text/text.info
@ -7,7 +7,7 @@ dependencies[] = field
 files[] = text.test
 required = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/modules/text/text.test
+++ b/drupal7/web/modules/field/modules/text/text.test
@ -377,6 +377,15 @@ class TextSummaryTestCase extends DrupalWebTestCase {
    // Test text_summary() for different sizes.
    for ($i = 0; $i <= 37; $i++) {
      $this->callTextSummary($text, $expected[$i],    NULL, $i);
+
+      // libxml2 library changed parsing behavior on version 2.9.14. Skip
+      // specific edge-case testing for all further versions.
+      // @see https://gitlab.gnome.org/GNOME/libxml2/-/issues/474
+      // @see https://www.drupal.org/project/drupal/issues/3397882
+      if ($i == 1 && defined('LIBXML_VERSION') && LIBXML_VERSION >= 20914) {
+        continue;
+      }
+
      $this->callTextSummary($text, $expected_lb[$i], 'plain_text', $i);
      $this->callTextSummary($text, $expected_lb[$i], 'filtered_html', $i);
    }
--- a/drupal7/web/modules/field/tests/field_test.info
+++ b/drupal7/web/modules/field/tests/field_test.info
@ -6,7 +6,7 @@ files[] = field_test.entity.inc
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field/tests/field_test_schema_alter.info
+++ b/drupal7/web/modules/field/tests/field_test_schema_alter.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/field_ui/field_ui.info
+++ b/drupal7/web/modules/field_ui/field_ui.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = field_ui.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/file/file.info
+++ b/drupal7/web/modules/file/file.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = tests/file.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/file/tests/file_module_test.info
+++ b/drupal7/web/modules/file/tests/file_module_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/filter/filter.info
+++ b/drupal7/web/modules/filter/filter.info
@ -7,7 +7,7 @@ files[] = filter.test
 required = TRUE
 configure = admin/config/content/formats

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/filter/filter.module
+++ b/drupal7/web/modules/filter/filter.module
@ -1515,14 +1515,26 @@ function _filter_url($text, $filter) {
  // re-split after each task, since all injected HTML tags must be correctly
  // protected before the next task.
  foreach ($tasks as $task => $pattern) {
+    // Store the current text in case any of the preg_* functions fail.
+    $saved_text = $text;
+
    // HTML comments need to be handled separately, as they may contain HTML
    // markup, especially a '>'. Therefore, remove all comment contents and add
    // them back later.
    _filter_url_escape_comments('', TRUE);
    $text = preg_replace_callback('`<!--(.*?)-->`s', '_filter_url_escape_comments', $text);
+    if (preg_last_error()) {
+      $text = $saved_text;
+      continue 1;
+    }

    // Split at all tags; ensures that no tags or attributes are processed.
    $chunks = preg_split('/(<.+?>)/is', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+    if (preg_last_error()) {
+      $text = $saved_text;
+      continue 1;
+    }
+
    // PHP ensures that the array consists of alternating delimiters and
    // literals, and begins and ends with a literal (inserting NULL as
    // required). Therefore, the first chunk is always text:
@ -1539,6 +1551,10 @@ function _filter_url($text, $filter) {
          // If there is a match, inject a link into this chunk via the callback
          // function contained in $task.
          $chunks[$i] = preg_replace_callback($pattern, $task, $chunks[$i]);
+          if (preg_last_error()) {
+            $text = $saved_text;
+            continue 2;
+          }
        }
        // Text chunk is done, so next chunk must be a tag.
        $chunk_type = 'tag';
@ -1566,6 +1582,10 @@ function _filter_url($text, $filter) {
    // Revert back to the original comment contents
    _filter_url_escape_comments('', FALSE);
    $text = preg_replace_callback('`<!--(.*?)-->`', '_filter_url_escape_comments', $text);
+    if (preg_last_error()) {
+      $text = $saved_text;
+      continue 1;
+    }
  }

  return $text;
--- a/drupal7/web/modules/filter/filter.test
+++ b/drupal7/web/modules/filter/filter.test
@ -1637,6 +1637,7 @@ www.example.com with a newline in comments -->
   *   comments.
   * - Empty HTML tags (BR, IMG).
   * - Mix of absolute and partial URLs, and e-mail addresses in one content.
+   * - Input that exceeds PCRE backtracking limit.
   */
  function testUrlFilterContent() {
    // Setup dummy filter object.
@ -1650,6 +1651,16 @@ www.example.com with a newline in comments -->
    $expected = file_get_contents($path . '/filter.url-output.txt');
    $result = _filter_url($input, $filter);
    $this->assertIdentical($result, $expected, 'Complex HTML document was correctly processed.');
+
+    // Case of a small and simple HTML document.
+    $input = $expected = '<p>www.test.com</p>';
+    $result = $this->filterUrlWithPcreErrors($input, $filter);
+    $this->assertIdentical($expected, $result, 'Simple HTML document was left intact when PCRE errors occurred.');
+
+    // Case of a complex HTML document.
+    $input = $expected = file_get_contents($path . '/filter.url-input.txt');
+    $result = $this->filterUrlWithPcreErrors($input, $filter);
+    $this->assertIdentical($expected, $result, 'Complex HTML document was left intact when PCRE errors occurred.');
  }

  /**
@ -1890,6 +1901,28 @@ body {color:red}
  function assertNoNormalized($haystack, $needle, $message = '', $group = 'Other') {
    return $this->assertTrue(strpos(strtolower(decode_entities($haystack)), $needle) === FALSE, $message, $group);
  }
+
+  /**
+   * Calls filter_url with pcre.backtrack_limit set to 1.
+   *
+   * When PCRE errors occur, _filter_url() returns the input text unchanged.
+   *
+   * @param $input
+   *   Text to pass on to _filter_url().
+   * @param $filter
+   *   Filter to pass on to _filter_url().
+   * @return
+   *   The processed $input.
+   */
+  protected function filterUrlWithPcreErrors($input, $filter) {
+    $pcre_backtrack_limit = ini_get('pcre.backtrack_limit');
+    // Setting this limit to the smallest possible value should cause PCRE
+    // errors and break the various preg_* functions used by _filter_url().
+    ini_set('pcre.backtrack_limit', 1);
+    $result = _filter_url($input, $filter);
+    ini_set('pcre.backtrack_limit', $pcre_backtrack_limit);
+    return $result;
+  }
 }

 /**
--- a/drupal7/web/modules/forum/forum.info
+++ b/drupal7/web/modules/forum/forum.info
@ -9,7 +9,7 @@ files[] = forum.test
 configure = admin/structure/forum
 stylesheets[all][] = forum.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/help/help.info
+++ b/drupal7/web/modules/help/help.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = help.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/image/image.info
+++ b/drupal7/web/modules/image/image.info
@ -7,7 +7,7 @@ dependencies[] = file
 files[] = image.test
 configure = admin/config/media/image-styles

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/image/tests/image_module_styles_test.info
+++ b/drupal7/web/modules/image/tests/image_module_styles_test.info
@ -7,7 +7,7 @@ files[] = image_module_styles_test.module
 dependencies[] = image_module_test
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/image/tests/image_module_test.info
+++ b/drupal7/web/modules/image/tests/image_module_test.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = image_module_test.module
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/locale/locale.info
+++ b/drupal7/web/modules/locale/locale.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = locale.test
 configure = admin/config/regional/language

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/locale/tests/locale_test.info
+++ b/drupal7/web/modules/locale/tests/locale_test.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/menu/menu.info
+++ b/drupal7/web/modules/menu/menu.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = menu.test
 configure = admin/structure/menu

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/node/node.admin.inc
+++ b/drupal7/web/modules/node/node.admin.inc
@ -165,12 +165,7 @@ function node_filter_form() {
  );
  foreach ($session as $filter) {
    list($type, $value) = $filter;
-    if ($type == 'term') {
-      // Load term name from DB rather than search and parse options array.
-      $value = module_invoke('taxonomy', 'term_load', $value);
-      $value = $value->name;
-    }
-    elseif ($type == 'language') {
+    if ($type == 'language') {
      $value = $value == LANGUAGE_NONE ? t('Language neutral') : module_invoke('locale', 'language_name', $value);
    }
    else {
--- a/drupal7/web/modules/node/node.info
+++ b/drupal7/web/modules/node/node.info
@ -9,7 +9,7 @@ required = TRUE
 configure = admin/structure/types
 stylesheets[all][] = node.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/node/tests/node_access_test.info
+++ b/drupal7/web/modules/node/tests/node_access_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/node/tests/node_test.info
+++ b/drupal7/web/modules/node/tests/node_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/node/tests/node_test_exception.info
+++ b/drupal7/web/modules/node/tests/node_test_exception.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/openid/openid.info
+++ b/drupal7/web/modules/openid/openid.info
@ -5,7 +5,7 @@ package = Core
 core = 7.x
 files[] = openid.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/openid/tests/openid_test.info
+++ b/drupal7/web/modules/openid/tests/openid_test.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = openid
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/overlay/overlay-parent.js
+++ b/drupal7/web/modules/overlay/overlay-parent.js
@ -229,7 +229,7 @@ Drupal.overlay.destroy = function () {
 */
 Drupal.overlay.redirect = function (url) {
  // Create a native Link object, so we can use its object methods.
-  var link = $(url.link(url)).get(0);
+  var link = $("<a>").attr("href", url).get(0);

  // If the link is already open, force the hashchange event to simulate reload.
  if (window.location.href == link.href) {
@ -865,7 +865,7 @@ Drupal.overlay.resetActiveClass = function(activePath) {
 Drupal.overlay.getPath = function (link, ignorePathFromQueryString) {
  if (typeof link == 'string') {
    // Create a native Link object, so we can use its object methods.
-    link = $(link.link(link)).get(0);
+    link = $("<a>").attr("href", link).get(0);
  }

  var path = link.pathname;
--- a/drupal7/web/modules/overlay/overlay.info
+++ b/drupal7/web/modules/overlay/overlay.info
@ -4,7 +4,7 @@ package = Core
 version = VERSION
 core = 7.x

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/path/path.info
+++ b/drupal7/web/modules/path/path.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = path.test
 configure = admin/config/search/path

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/path/path.module
+++ b/drupal7/web/modules/path/path.module
@ -41,6 +41,7 @@ function path_permission() {
  return array(
    'administer url aliases' => array(
      'title' => t('Administer URL aliases'),
+      'restrict access' => TRUE,
    ),
    'create url aliases' => array(
      'title' => t('Create and edit URL aliases'),
--- a/drupal7/web/modules/php/php.info
+++ b/drupal7/web/modules/php/php.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = php.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/poll/poll.info
+++ b/drupal7/web/modules/poll/poll.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = poll.test
 stylesheets[all][] = poll.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/profile/profile.info
+++ b/drupal7/web/modules/profile/profile.info
@ -11,7 +11,7 @@ configure = admin/config/people/profile
 ; See user_system_info_alter().
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/rdf/rdf.info
+++ b/drupal7/web/modules/rdf/rdf.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = rdf.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/rdf/tests/rdf_test.info
+++ b/drupal7/web/modules/rdf/tests/rdf_test.info
@ -6,7 +6,7 @@ core = 7.x
 hidden = TRUE
 dependencies[] = blog

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/search/search.info
+++ b/drupal7/web/modules/search/search.info
@ -8,7 +8,7 @@ files[] = search.test
 configure = admin/config/search/settings
 stylesheets[all][] = search.css

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/search/tests/search_embedded_form.info
+++ b/drupal7/web/modules/search/tests/search_embedded_form.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/search/tests/search_extra_type.info
+++ b/drupal7/web/modules/search/tests/search_extra_type.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/search/tests/search_node_tags.info
+++ b/drupal7/web/modules/search/tests/search_node_tags.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/shortcut/shortcut.info
+++ b/drupal7/web/modules/shortcut/shortcut.info
@ -6,7 +6,7 @@ core = 7.x
 files[] = shortcut.test
 configure = admin/config/user-interface/shortcut

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/drupal_web_test_case.php
+++ b/drupal7/web/modules/simpletest/drupal_web_test_case.php
@ -560,23 +560,22 @@ abstract class DrupalTestCase {
          'function' => $class . '->' . $method . '()',
        );
        $completion_check_id = DrupalTestCase::insertAssert($this->testId, $class, FALSE, t('The test did not complete due to a fatal error.'), 'Completion check', $caller);
-        $this->setUp();
-        if ($this->setup) {
-          try {
+        try {
+          $this->setUp();
+          if ($this->setup) {
            $this->$method();
-            // Finish up.
+            $this->tearDown();
          }
-          catch (Throwable $e) {
-            $this->exceptionHandler($e);
+          else {
+            $this->fail(t("The test cannot be executed because it has not been set up properly."));
          }
-          catch (Exception $e) {
-            // Cater for older PHP versions.
-            $this->exceptionHandler($e);
-          }
-          $this->tearDown();
        }
-        else {
-          $this->fail(t("The test cannot be executed because it has not been set up properly."));
+        catch (Throwable $e) {
+          $this->exceptionHandler($e);
+        }
+        catch (Exception $e) {
+          // Cater for older PHP versions.
+          $this->exceptionHandler($e);
        }
        // Remove the completion check record.
        DrupalTestCase::deleteAssert($completion_check_id);
--- a/drupal7/web/modules/simpletest/simpletest.info
+++ b/drupal7/web/modules/simpletest/simpletest.info
@ -58,7 +58,7 @@ files[] = tests/upgrade/update.trigger.test
 files[] = tests/upgrade/update.field.test
 files[] = tests/upgrade/update.user.test

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/simpletest.pages.inc
+++ b/drupal7/web/modules/simpletest/simpletest.pages.inc
@ -443,7 +443,7 @@ function simpletest_settings_form($form, &$form_state) {
  $form['general']['simpletest_clear_results'] = array(
    '#type' => 'checkbox',
    '#title' => t('Clear results after each complete test suite run'),
-    '#description' => t('By default SimpleTest will clear the results after they have been viewed on the results page, but in some cases it may be useful to leave the results in the database. The results can then be viewed at <em>admin/config/development/testing/[test_id]</em>. The test ID can be found in the database, simpletest table, or kept track of when viewing the results the first time. Additionally, some modules may provide more analysis or features that require this setting to be disabled.'),
+    '#description' => t('By default SimpleTest will clear the results after they have been viewed on the results page, but in some cases it may be useful to leave the results in the database. The results can then be viewed at <em>admin/config/development/testing/results/[test_id]</em>. The test ID can be found in the database, simpletest table, or kept track of when viewing the results the first time. Additionally, some modules may provide more analysis or features that require this setting to be disabled.'),
    '#default_value' => variable_get('simpletest_clear_results', TRUE),
  );
  $form['general']['simpletest_verbose'] = array(
--- a/drupal7/web/modules/simpletest/tests/actions_loop_test.info
+++ b/drupal7/web/modules/simpletest/tests/actions_loop_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/ajax.test
+++ b/drupal7/web/modules/simpletest/tests/ajax.test
@ -618,4 +618,16 @@ class AJAXElementValidation extends AJAXTestCase {
    $this->assertNoText(t('Error message'), "No error message in resultant JSON");
    $this->assertText('ajax_forms_test_validation_form_callback invoked', 'The correct callback was invoked');
  }
+
+  /**
+   * Try to open default Ajax callback without passing required data.
+   */
+  function testAJAXPathWithoutData() {
+    $this->drupalGet('system/ajax');
+    $query_parameters = array(
+      ':type' => 'php',
+      ':severity' => WATCHDOG_WARNING,
+    );
+    $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchField(), 0, 'No warning message appears in the logs.');
+  }
 }
--- a/drupal7/web/modules/simpletest/tests/ajax_forms_test.info
+++ b/drupal7/web/modules/simpletest/tests/ajax_forms_test.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/ajax_test.info
+++ b/drupal7/web/modules/simpletest/tests/ajax_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/batch_test.info
+++ b/drupal7/web/modules/simpletest/tests/batch_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/boot_test_1.info
+++ b/drupal7/web/modules/simpletest/tests/boot_test_1.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/boot_test_2.info
+++ b/drupal7/web/modules/simpletest/tests/boot_test_2.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/bootstrap.test
+++ b/drupal7/web/modules/simpletest/tests/bootstrap.test
@ -963,3 +963,62 @@ class BootstrapDrupalCacheArrayTestCase extends DrupalWebTestCase {
    $this->assertTrue(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'DrupalCacheArray persisted data to cache_form.');
  }
 }
+
+/**
+ * Test the trusted HTTP host configuration.
+ */
+class BootstrapTrustedHostsTestCase extends DrupalUnitTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Trusted HTTP host test',
+      'description' => 'Tests the trusted_host_patterns configuration.',
+      'group' => 'Bootstrap',
+    );
+  }
+
+  /**
+   * Tests hostname validation.
+   *
+   * @see drupal_check_trusted_hosts()
+   */
+  function testTrustedHosts() {
+    $trusted_host_patterns = array(
+      '^example\.com$',
+      '^.+\.example\.com$',
+      '^example\.org',
+      '^.+\.example\.org',
+    );
+
+    foreach ($this->providerTestTrustedHosts() as $data) {
+      $test = array_combine(array('host', 'message', 'expected'), $data);
+      $valid_host = drupal_check_trusted_hosts($test['host'], $trusted_host_patterns);
+      $this->assertEqual($test['expected'], $valid_host, $test['message']);
+    }
+  }
+
+  /**
+   * Provides test data for testTrustedHosts().
+   */
+  public function providerTestTrustedHosts() {
+    $data = array();
+
+    // Tests canonical URL.
+    $data[] = array('www.example.com', 'canonical URL is trusted', TRUE);
+
+    // Tests missing hostname for HTTP/1.0 compatability where the Host
+    // header is optional.
+    $data[] = array(NULL, 'empty Host is valid', TRUE);
+
+    // Tests the additional patterns from the settings.
+    $data[] = array('example.com', 'host from settings is trusted', TRUE);
+    $data[] = array('subdomain.example.com', 'host from settings is trusted', TRUE);
+    $data[] = array('www.example.org', 'host from settings is trusted', TRUE);
+    $data[] = array('example.org', 'host from settings is trusted', TRUE);
+
+    // Tests mismatch.
+    $data[] = array('www.blackhat.com', 'unspecified host is untrusted', FALSE);
+
+    return $data;
+  }
+}
--- a/drupal7/web/modules/simpletest/tests/cache.test
+++ b/drupal7/web/modules/simpletest/tests/cache.test
@ -303,20 +303,6 @@ class CacheClearCase extends CacheTestCase {

    $this->assertTrue($this->checkCacheExists('test_cid_clear3', $this->default_value),
                      'Entry was not cleared from the cache');
-
-    // Set the cache clear threshold to 2 to confirm that the full bin is cleared
-    // when the threshold is exceeded.
-    variable_set('cache_clear_threshold', 2);
-    cache_set('test_cid_clear1', $this->default_value, $this->default_bin);
-    cache_set('test_cid_clear2', $this->default_value, $this->default_bin);
-    $this->assertTrue($this->checkCacheExists('test_cid_clear1', $this->default_value)
-                      && $this->checkCacheExists('test_cid_clear2', $this->default_value),
-                      'Two cache entries were created.');
-    cache_clear_all(array('test_cid_clear1', 'test_cid_clear2', 'test_cid_clear3'), $this->default_bin);
-    $this->assertFalse($this->checkCacheExists('test_cid_clear1', $this->default_value)
-                       || $this->checkCacheExists('test_cid_clear2', $this->default_value)
-                       || $this->checkCacheExists('test_cid_clear3', $this->default_value),
-                       'All cache entries removed when the array exceeded the cache clear threshold.');
  }

  /**
--- a/drupal7/web/modules/simpletest/tests/common_test.info
+++ b/drupal7/web/modules/simpletest/tests/common_test.info
@ -7,7 +7,7 @@ stylesheets[all][] = common_test.css
 stylesheets[print][] = common_test.print.css
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/common_test_cron_helper.info
+++ b/drupal7/web/modules/simpletest/tests/common_test_cron_helper.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/database_test.info
+++ b/drupal7/web/modules/simpletest/tests/database_test.info
@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info
+++ b/drupal7/web/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info
@ -7,7 +7,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info
+++ b/drupal7/web/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info
+++ b/drupal7/web/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/entity_cache_test.info
+++ b/drupal7/web/modules/simpletest/tests/entity_cache_test.info
@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = entity_cache_test_dependency
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/entity_cache_test_dependency.info
+++ b/drupal7/web/modules/simpletest/tests/entity_cache_test_dependency.info
@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2024-03-06
-version = "7.100"
+; Information added by Drupal.org packaging script on 2024-12-04
+version = "7.103"
 project = "drupal"
-datestamp = "1709734591"
+datestamp = "1733324608"
--- a/drupal7/web/modules/simpletest/tests/entity_crud.test
+++ b/drupal7/web/modules/simpletest/tests/entity_crud.test
@ -58,4 +58,33 @@ class EntityLoadTestCase extends DrupalWebTestCase {
    $nodes_loaded = entity_load('node', array('1.', '2'));
    $this->assertEqual(count($nodes_loaded), 1);
  }
+
+  /**
+   * Tests the controller class loading functionality on non-existing entity
+   * types and on entities without valid controller class.
+   */
+  public function testEntityLoadInvalidControllerClass() {
+    // Ensure that loading a non-existing entity type will throw an
+    // EntityMalformedException.
+    try {
+      entity_load('test', array('1'));
+      $this->fail(t('Cannot load a controller class on non-existing entity type.'));
+    }
+    catch (EntityMalformedException $e) {
+      $this->pass(t('Cannot load a controller class on non-existing entity type.'));
+    }
+
+    // Ensure that loading an entity without valid controller class will throw
+    // an EntityMalformedException.
+    module_enable(array('entity_crud_hook_test'));
+    variable_set('entity_crud_hook_test_alter_controller_class', TRUE);
+    try {
+      entity_load('node', array('1'));
+      $this->fail(t('Cannot load a missing or non-existent controller class.'));
+    }
+    catch (EntityMalformedException $e) {
+      $this->pass(t('Cannot load a missing or non-existent controller class.'));
+    }
+    variable_set('entity_crud_hook_test_alter_controller_class', FALSE);
+  }
 }
--- a/Show more
+++ b/Show more